public async Task<List<string>> Delete(int claimId)
{
List<string> errors = new List<string>();
int deletedCount = 0;
try
{
using (DataLayer.EFDbContext.AuthorizationContext authContext = new DataLayer.EFDbContext.AuthorizationContext())
{
DataLayer.Entities.User.Claims claim = await authContext.Claims.FindAsync(claimId);
authContext.Claims.Remove(claim);
deletedCount = await authContext.SaveChangesAsync();
if (deletedCount <= 0)
{
errors.Add("Error deleting Claim, ClaimID: " + claimId.ToString());
}
}
}
catch (DbEntityValidationException ex)
{
errors.Add(ex.ToString());
}
return errors;
}
public async Task<List<string>> RevokeAllTokens(string userName)
{
List<string> errors = new List<string>();
if (string.IsNullOrEmpty(userName))
{
errors.Add("No user specified.");
return errors;
}
try
{
using (DataLayer.EFDbContext.AuthorizationContext authContext = new DataLayer.EFDbContext.AuthorizationContext())
{
var tokens = authContext.AuthorizationTokens.Where(at => at.userName == userName);
foreach (var token in tokens)
{
token.isActive = false;
}
await authContext.SaveChangesAsync();
}
}
catch (DbEntityValidationException ex)
{
errors.Add(ex.ToString());
}
return errors;
}
public async Task<DataLayer.Entities.User.Claims> GetByID(int claimId)
{
DataLayer.Entities.User.Claims claim;
using (DataLayer.EFDbContext.AuthorizationContext authContext = new DataLayer.EFDbContext.AuthorizationContext())
{
claim = await authContext.Claims.FirstOrDefaultAsync(c => c.claimId == claimId);
}
return claim;
}
public async Task<List<DataLayer.Entities.User.Claims>> Get()
{
List<DataLayer.Entities.User.Claims> claims;
using (DataLayer.EFDbContext.AuthorizationContext authContext = new DataLayer.EFDbContext.AuthorizationContext())
{
claims = await (from c in authContext.Claims select c).ToListAsync();
}
return claims;
}
public async Task<ngk.DataLayer.Entities.User.Claims> Insert(DataLayer.Entities.User.Claims claim)
{
using (DataLayer.EFDbContext.AuthorizationContext authContext = new DataLayer.EFDbContext.AuthorizationContext())
{
authContext.Claims.Add(claim);
await authContext.SaveChangesAsync();
}
if (claim.claimId != 0)
{
return claim;
}
return null;
}
public static IEnumerable<Claim> GetClaims(ApplicationUser user)
{
List<Claim> claims = new List<Claim>();
using (DataLayer.EFDbContext.AuthorizationContext authContext = new DataLayer.EFDbContext.AuthorizationContext())
{
var claimsRoles = authContext.ClaimsRoles.Include("Claims").Include("Role").ToList();
foreach (var claim in claimsRoles)
{
claims.Add(CreateClaim(claim.claims.claimName, "1"));
}
}
return claims;
}
protected override bool IsAuthorized(HttpActionContext actionContext)
{
roles = Roles.Split(',').ToList();
if (actionContext.Request.Headers.Authorization == null)
{
return false;
}
var authToken = actionContext.Request.Headers.Authorization.Parameter;
// check user's roles
var userName = actionContext.RequestContext.Principal.Identity.GetUserName();
foreach (var role in roles)
{
if (actionContext.RequestContext.Principal.IsInRole(role))
{
unauthorizedByRole = false;
}
}
if (unauthorizedByRole)
{
unauthorizedReason = "user_role_invalid";
return false;
}
// check for existing token
bool currentTokenActive = false;
using (DataLayer.EFDbContext.AuthorizationContext authContext = new DataLayer.EFDbContext.AuthorizationContext())
{
// if any token other than the passed in token is active then it is expired and the user will be logged out
currentTokenActive = authContext.AuthorizationTokens.Any(at => at.userName == userName && at.isActive && at.userToken == authToken);
}
if (!currentTokenActive)
{
unauthorizedReason = "single_sign_denial";
return false;
}
// ensure user is minimally authed
if (!base.IsAuthorized(actionContext))
{
return false;
}
return true;
}
public async Task<List<string>> UpdateUser(string originalEmail, string updatedEmail, string firstName, string lastName)
{
List<string> errors = new List<string>();
try
{
using (DataLayer.EFDbContext.AuthorizationContext authContext = new DataLayer.EFDbContext.AuthorizationContext())
{
var updateUser = authContext.Users.First(u => u.Email == originalEmail);
updateUser.Email = updatedEmail;
updateUser.UserName = updatedEmail; // for now, username is email address...
updateUser.firstName = firstName;
updateUser.lastName = lastName;
await authContext.SaveChangesAsync();
}
}
catch (DbEntityValidationException ex)
{
errors.Add(ex.ToString());
}
return errors;
}
